Hacking

Security researchers found a way to gain remote access to Tesla cars and execute some actions. Some actions, like moving the mirrors or opening the trunk, are not so scary, but others, like access to the brakes, are very scary. Don’t think that those actions require the hacker to be near the car: access to the brakes can be gained remotely, kilometers away from the car. Keen Security Lab researchers created a video that demonstrates some of the actions they can perform on Tesla cars. I hope those security holes will be patched soon.

Ransomware is becoming very common since (apparently) only a small percentage of people take backups. Most people and organizations have valuable data lying on their hard drives without any backups. Creators of ransomware are aware of this: they encrypt the victims’ files and ask for money in exchange for the key to unlock them. In many cases people and organizations pay the ransom, the creators make a profit, and they create more ransomware that is more difficult to decrypt. In this post we will provide the solution, how to encrypt some of the ransomwares; if you are a victim of one of those, then you are luckier than others.

Security researchers discovered a new Chrome zero-day exploit that can be used to hack any Android phone. Even the latest version has the vulnerability, which is in the JavaScript V8 engine of the Chrome browser for the Android operating system. The browser comes pre-installed on almost all Android smartphones. All the hackers have to do is lure their victims to a malicious website. By exploiting that vulnerability, the website can gain administrative rights and install any malware application, which will give them full access to the phone. The exploit was demonstrated at the PacSec conference in Tokyo in 2015.

This post is not for technical gurus and hackers; anyone with Skype can crash it. Sending a simple message makes the application crash badly for both the sender and the receiver, and it then needs re-installation. This bug affects some new versions of Skype. The message is not a massive amount of characters but a simple short message. If you want to try it, send “http://:” and voila! I would never have believed that such a bug could exist in such a popular application for such a long time. I believe Microsoft developers will try to blame the initial software developers that wrote the legacy code!

No, I am not kidding, and you are reading it correctly. Agents from both the NSA and the CIA are tasked with watching videos, including porn. The reason behind this is simple: Al-Qaeda and ISIS (Islamic State) send coded messages to their followers using pornography, Reddit, Twitter and any other channel or social media that suits their needs. The Israeli Intelligence Agency noticed the messages terrorists are sending in images and videos using a technique called steganography. Steganography is the art or method of hiding a message or file inside another message or file. For example, a shopping list can contain a secret message, an image can contain another file or image, and so on. The advantage of steganography over cryptography is that the message is publicly available to everyone and doesn’t attract attention. I will show you a real example at the end of the article. Back to our news: the CIA and NSA are watching nude photos and porn videos to find those messages. Of course, terrorists are also using cryptography, advanced cryptography, to avoid (or delay as far as possible) decryption even by NSA supercomputers. The nude pictures agents are watching all day long are not only from known terrorists but from everyone; they have surveillance programs where they capture almost anything, so think twice the next time you take a nude picture of your… self.

Lookout Mobile Security recently found a new Android malware called Coinkrypt. This type of malware is not harmful as it doesn’t steal personal data or delete anything, but instead it uses the smartphone hardware to mine crypto-currencies such as Bitcoin and Litecoin. Mobile hardware is not powerful enough to mine Bitcoins at a profit, but using many smartphones that are not theirs generates profit. To make it harder for users to become suspicious of Coinkrypt, it mines crypto-currencies only when the device is charging. Otherwise the battery level would drop very fast, as mining Bitcoins or any other crypto-currency uses all the available resources if you don’t put a limit on it. This might also cause heat and damage your device if it is heated for an extended period of time.

Israeli security researchers at Tel Aviv University have published a paper called “RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis”. They claim that they can extract keys used in 4096-bit RSA, one of the most secure encryption algorithms, by capturing the sound generated by the CPU during decryption. The microphone can be a mobile phone placed very close to the PC or a sensitive microphone placed 4 meters away. One of the researchers is Adi Shamir, who is the S in RSA and co-invented the RSA encryption algorithm.

One of the most famous forums about Bitcoin has been hacked and defaced by a group of hackers called “The Hole Seekers” to make a profit. They say that they have the database, which contains information on around 150000 users. The passwords were hashed with SHA256, which is the same hash algorithm Bitcoin uses. The hackers are selling the database for 25 Bitcoins, which is currently about $3000. The site owner, on the other hand, is offering 50 Bitcoins (~$6000) to the first person who finds the security hole. The attackers can take that instead, or get greedy and collect both rewards. If you had an account on Bitcoin Talk and you used the same password on an exchange site, it is strongly advised to change it or be prepared to lose your money. The Bitcoin Talk source code is publicly available, so if you can find the security hole you can make a quick profit.

We have many posts about iOS lockscreen vulnerabilities, and the new iOS couldn’t resist having (at least) one too. If someone steals your iPhone, be sure he will be able to access it and find all your sensitive information. According to Apple they have already fixed about 80 vulnerabilities; they could have avoided them with the experience they have, or by delaying the release for a few months and having security researchers find them before it reached the market. Of course timing and profit are everything for Apple and security comes second. The security hole affects the normal PIN code or password lock of the screen.

An Android Firefox exploit has been found that can be triggered to execute apk files. It forces Firefox versions 23/24/26 to download and execute a malicious application. The exploit was posted by a Russian hacker and exploit writer, and the auction starts at $460. It can be triggered by just visiting a malicious site, so even browsing is not safe. All the attacker has to do is use some social engineering and convince people to visit a malicious website. He might not even have to do that, since he can instead infect a known website and make all its visitors victims. Update your software to the latest version and be careful about the websites you visit.